v8
diff --git a/‎src/api.cc‎
Lines changed: 24 additions & 7 deletions b/‎src/api.cc‎
Lines changed: 24 additions & 7 deletions
diff --git a/‎src/asmjs/asm-js.cc‎
Lines changed: 14 additions & 16 deletions b/‎src/asmjs/asm-js.cc‎
Lines changed: 14 additions & 16 deletions
diff --git a/‎src/bailout-reason.h‎
Lines changed: 1 addition & 0 deletions b/‎src/bailout-reason.h‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/bootstrapper.cc‎
Lines changed: 20 additions & 29 deletions b/‎src/bootstrapper.cc‎
Lines changed: 20 additions & 29 deletions
diff --git a/‎src/builtins/arm/builtins-arm.cc‎
Lines changed: 68 additions & 24 deletions b/‎src/builtins/arm/builtins-arm.cc‎
Lines changed: 68 additions & 24 deletions
@@ -729,15 +729,33 @@ StartupData SnapshotCreator::CreateBlob(
   i::SerializedHandleChecker handle_checker(isolate, &contexts);
   CHECK(handle_checker.CheckGlobalAndEternalHandles());
 
-  // Complete in-object slack tracking for all functions.
   i::HeapIterator heap_iterator(isolate->heap());
   while (i::HeapObject* current_obj = heap_iterator.next()) {
-    if (!current_obj->IsJSFunction()) continue;
-    i::JSFunction* fun = i::JSFunction::cast(current_obj);
-    fun->CompleteInobjectSlackTrackingIfActive();
+    // Complete in-object slack tracking for all functions.
+    if (current_obj->IsJSFunction()) {
+      i::JSFunction* fun = i::JSFunction::cast(current_obj);
+      fun->CompleteInobjectSlackTrackingIfActive();
+    }
+
+    // Clear out re-compilable data from all shared function infos. Any
+    // JSFunctions using these SFIs will have their code pointers reset by the
+    // partial serializer.
+    if (current_obj->IsSharedFunctionInfo() &&
+        function_code_handling == FunctionCodeHandling::kClear) {
+      i::SharedFunctionInfo* shared = i::SharedFunctionInfo::cast(current_obj);
+      if (shared->HasBytecodeArray()) {
+        shared->ClearBytecodeArray();
+      } else if (shared->HasAsmWasmData()) {
+        shared->ClearAsmWasmData();
+      } else if (shared->HasPreParsedScopeData()) {
+        shared->ClearPreParsedScopeData();
+      }
+      DCHECK(shared->HasCodeObject() || shared->HasBuiltinId() ||
+             shared->IsApiFunction());
+    }
   }
 
-  i::StartupSerializer startup_serializer(isolate, function_code_handling);
+  i::StartupSerializer startup_serializer(isolate);
   startup_serializer.SerializeStrongReferences();
 
   // Serialize each context with a new partial serializer.
@@ -9689,9 +9707,8 @@ Local<Function> debug::GetBuiltin(Isolate* v8_isolate, Builtin builtin) {
   }
 
   i::Handle<i::String> name = isolate->factory()->empty_string();
-  i::Handle<i::Code> code(isolate->builtins()->builtin(builtin_id));
   i::NewFunctionArgs args = i::NewFunctionArgs::ForBuiltinWithoutPrototype(
-      name, code, builtin_id, i::LanguageMode::kSloppy);
+      name, builtin_id, i::LanguageMode::kSloppy);
   i::Handle<i::JSFunction> fun = isolate->factory()->NewFunction(args);
 
   fun->shared()->DontAdaptArguments();
 
@@ -65,21 +65,20 @@ bool AreStdlibMembersValid(Isolate* isolate, Handle<JSReceiver> stdlib,
     Handle<Object> value = JSReceiver::GetDataProperty(stdlib, name);
     if (!value->IsNaN()) return false;
   }
-#define STDLIB_MATH_FUNC(fname, FName, ignore1, ignore2)                       \
-  if (members.Contains(wasm::AsmJsParser::StandardMember::kMath##FName)) {     \
-    members.Remove(wasm::AsmJsParser::StandardMember::kMath##FName);           \
-    Handle<Name> name(isolate->factory()->InternalizeOneByteString(            \
-        STATIC_CHAR_VECTOR(#fname)));                                          \
-    Handle<Object> value = StdlibMathMember(isolate, stdlib, name);            \
-    if (!value->IsJSFunction()) return false;                                  \
-    SharedFunctionInfo* shared = Handle<JSFunction>::cast(value)->shared();    \
-    if (shared->HasLazyDeserializationBuiltinId()) {                           \
-      if (shared->lazy_deserialization_builtin_id() != Builtins::kMath##FName) \
-        return false;                                                          \
-    } else if (shared->code() !=                                               \
-               isolate->builtins()->builtin(Builtins::kMath##FName)) {         \
-      return false;                                                            \
-    }                                                                          \
+#define STDLIB_MATH_FUNC(fname, FName, ignore1, ignore2)                    \
+  if (members.Contains(wasm::AsmJsParser::StandardMember::kMath##FName)) {  \
+    members.Remove(wasm::AsmJsParser::StandardMember::kMath##FName);        \
+    Handle<Name> name(isolate->factory()->InternalizeOneByteString(         \
+        STATIC_CHAR_VECTOR(#fname)));                                       \
+    Handle<Object> value = StdlibMathMember(isolate, stdlib, name);         \
+    if (!value->IsJSFunction()) return false;                               \
+    SharedFunctionInfo* shared = Handle<JSFunction>::cast(value)->shared(); \
+    if (!shared->HasBuiltinId() ||                                          \
+        shared->builtin_id() != Builtins::kMath##FName) {                   \
+      return false;                                                         \
+    }                                                                       \
+    DCHECK_EQ(shared->GetCode(),                                            \
+              isolate->builtins()->builtin(Builtins::kMath##FName));        \
   }
   STDLIB_MATH_FUNCTION_LIST(STDLIB_MATH_FUNC)
 #undef STDLIB_MATH_FUNC
@@ -302,7 +301,6 @@ CompilationJob::Status AsmJsCompilationJob::FinalizeJobImpl(Isolate* isolate) {
   result->set(kWasmDataCompiledModule, *compiled);
   result->set(kWasmDataUsesBitSet, *uses_bitset);
   compilation_info()->SetAsmWasmData(result);
-  compilation_info()->SetCode(BUILTIN_CODE(isolate, InstantiateAsmJs));
 
   RecordHistograms(isolate);
   ReportCompilationSuccess(parse_info()->script(),
 
@@ -32,6 +32,7 @@ namespace internal {
   V(kInvalidHandleScopeLevel, "Invalid HandleScope level")                     \
   V(kInvalidJumpTableIndex, "Invalid jump table index")                        \
   V(kInvalidRegisterFileInGenerator, "invalid register file in generator")     \
+  V(kInvalidSharedFunctionInfoData, "Invalid SharedFunctionInfo data")         \
   V(kMissingBytecodeArray, "Missing bytecode array from function")             \
   V(kObjectNotTagged, "The object is not tagged")                              \
   V(kObjectTagged, "The object is tagged")                                     \
 
@@ -359,10 +359,10 @@ namespace {
 // Non-construct case.
 V8_NOINLINE Handle<SharedFunctionInfo> SimpleCreateSharedFunctionInfo(
     Isolate* isolate, Builtins::Name builtin_id, Handle<String> name, int len) {
-  Handle<Code> code = isolate->builtins()->builtin_handle(builtin_id);
   const bool kNotConstructor = false;
-  Handle<SharedFunctionInfo> shared = isolate->factory()->NewSharedFunctionInfo(
-      name, code, kNotConstructor, kNormalFunction, builtin_id);
+  Handle<SharedFunctionInfo> shared =
+      isolate->factory()->NewSharedFunctionInfoForBuiltin(
+          name, builtin_id, kNotConstructor, kNormalFunction);
   shared->set_internal_formal_parameter_count(len);
   shared->set_length(len);
   return shared;
@@ -373,10 +373,10 @@ V8_NOINLINE Handle<SharedFunctionInfo>
 SimpleCreateConstructorSharedFunctionInfo(Isolate* isolate,
                                           Builtins::Name builtin_id,
                                           Handle<String> name, int len) {
-  Handle<Code> code = isolate->builtins()->builtin_handle(builtin_id);
   const bool kIsConstructor = true;
-  Handle<SharedFunctionInfo> shared = isolate->factory()->NewSharedFunctionInfo(
-      name, code, kIsConstructor, kNormalFunction, builtin_id);
+  Handle<SharedFunctionInfo> shared =
+      isolate->factory()->NewSharedFunctionInfoForBuiltin(
+          name, builtin_id, kIsConstructor, kNormalFunction);
   shared->SetConstructStub(*BUILTIN_CODE(isolate, JSBuiltinsConstructStub));
   shared->set_internal_formal_parameter_count(len);
   shared->set_length(len);
@@ -402,22 +402,21 @@ V8_NOINLINE Handle<JSFunction> CreateFunction(
     Isolate* isolate, Handle<String> name, InstanceType type, int instance_size,
     int inobject_properties, MaybeHandle<Object> maybe_prototype,
     Builtins::Name builtin_id) {
-  Handle<Code> code(isolate->builtins()->builtin(builtin_id));
   Handle<Object> prototype;
   Handle<JSFunction> result;
 
   if (maybe_prototype.ToHandle(&prototype)) {
     NewFunctionArgs args = NewFunctionArgs::ForBuiltinWithPrototype(
-        name, code, prototype, type, instance_size, inobject_properties,
-        builtin_id, IMMUTABLE);
+        name, prototype, type, instance_size, inobject_properties, builtin_id,
+        IMMUTABLE);
 
     result = isolate->factory()->NewFunction(args);
     // Make the JSFunction's prototype object fast.
     JSObject::MakePrototypesFast(handle(result->prototype(), isolate),
                                  kStartAtReceiver, isolate);
   } else {
     NewFunctionArgs args = NewFunctionArgs::ForBuiltinWithoutPrototype(
-        name, code, builtin_id, LanguageMode::kStrict);
+        name, builtin_id, LanguageMode::kStrict);
     result = isolate->factory()->NewFunction(args);
   }
 
@@ -608,10 +607,8 @@ Handle<JSFunction> Genesis::CreateEmptyFunction(Isolate* isolate) {
 
   // Allocate the empty function as the prototype for function according to
   // ES#sec-properties-of-the-function-prototype-object
-  Handle<Code> code(BUILTIN_CODE(isolate, EmptyFunction));
-  NewFunctionArgs args =
-      NewFunctionArgs::ForBuiltin(factory->empty_string(), code,
-                                  empty_function_map, Builtins::kEmptyFunction);
+  NewFunctionArgs args = NewFunctionArgs::ForBuiltin(
+      factory->empty_string(), empty_function_map, Builtins::kEmptyFunction);
   Handle<JSFunction> empty_function = factory->NewFunction(args);
 
   // --- E m p t y ---
@@ -663,9 +660,8 @@ Handle<JSFunction> Genesis::GetThrowTypeErrorIntrinsic() {
     return restricted_properties_thrower_;
   }
   Handle<String> name(factory()->empty_string());
-  Handle<Code> code = BUILTIN_CODE(isolate(), StrictPoisonPillThrower);
   NewFunctionArgs args = NewFunctionArgs::ForBuiltinWithoutPrototype(
-      name, code, Builtins::kStrictPoisonPillThrower, i::LanguageMode::kStrict);
+      name, Builtins::kStrictPoisonPillThrower, i::LanguageMode::kStrict);
   Handle<JSFunction> function = factory()->NewFunction(args);
   function->shared()->DontAdaptArguments();
 
@@ -1228,11 +1224,10 @@ Handle<JSGlobalObject> Genesis::CreateNewGlobals(
 
   if (js_global_object_template.is_null()) {
     Handle<String> name(factory()->empty_string());
-    Handle<Code> code = BUILTIN_CODE(isolate(), Illegal);
     Handle<JSObject> prototype =
         factory()->NewFunctionPrototype(isolate()->object_function());
     NewFunctionArgs args = NewFunctionArgs::ForBuiltinWithPrototype(
-        name, code, prototype, JS_GLOBAL_OBJECT_TYPE, JSGlobalObject::kSize, 0,
+        name, prototype, JS_GLOBAL_OBJECT_TYPE, JSGlobalObject::kSize, 0,
         Builtins::kIllegal, MUTABLE);
     js_global_object_function = factory()->NewFunction(args);
 #ifdef DEBUG
@@ -1261,9 +1256,8 @@ Handle<JSGlobalObject> Genesis::CreateNewGlobals(
   Handle<JSFunction> global_proxy_function;
   if (global_proxy_template.IsEmpty()) {
     Handle<String> name(factory()->empty_string());
-    Handle<Code> code = BUILTIN_CODE(isolate(), Illegal);
     NewFunctionArgs args = NewFunctionArgs::ForBuiltinWithPrototype(
-        name, code, factory()->the_hole_value(), JS_GLOBAL_PROXY_TYPE,
+        name, factory()->the_hole_value(), JS_GLOBAL_PROXY_TYPE,
         JSGlobalProxy::SizeWithEmbedderFields(0), 0, Builtins::kIllegal,
         MUTABLE);
     global_proxy_function = factory()->NewFunction(args);
@@ -1399,11 +1393,9 @@ static void InstallError(Isolate* isolate, Handle<JSObject> global,
 namespace {
 
 void InstallMakeError(Isolate* isolate, int builtin_id, int context_index) {
-  Handle<Code> code(isolate->builtins()->builtin(builtin_id));
   NewFunctionArgs args = NewFunctionArgs::ForBuiltinWithPrototype(
-      isolate->factory()->empty_string(), code,
-      isolate->factory()->the_hole_value(), JS_OBJECT_TYPE,
-      JSObject::kHeaderSize, 0, builtin_id, MUTABLE);
+      isolate->factory()->empty_string(), isolate->factory()->the_hole_value(),
+      JS_OBJECT_TYPE, JSObject::kHeaderSize, 0, builtin_id, MUTABLE);
 
   Handle<JSFunction> function = isolate->factory()->NewFunction(args);
   function->shared()->DontAdaptArguments();
@@ -3282,10 +3274,9 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
     proxy_function_map->SetInObjectUnusedPropertyFields(unused_property_fields);
 
     Handle<String> name = factory->Proxy_string();
-    Handle<Code> code(BUILTIN_CODE(isolate, ProxyConstructor));
 
     NewFunctionArgs args = NewFunctionArgs::ForBuiltin(
-        name, code, proxy_function_map, Builtins::kProxyConstructor);
+        name, proxy_function_map, Builtins::kProxyConstructor);
     Handle<JSFunction> proxy_function = factory->NewFunction(args);
 
     JSFunction::SetInitialMap(proxy_function, isolate->proxy_map(),
@@ -3389,9 +3380,9 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
   {  // --- sloppy arguments map
     Handle<String> arguments_string = factory->Arguments_string();
     NewFunctionArgs args = NewFunctionArgs::ForBuiltinWithPrototype(
-        arguments_string, BUILTIN_CODE(isolate, Illegal),
-        isolate->initial_object_prototype(), JS_ARGUMENTS_TYPE,
-        JSSloppyArgumentsObject::kSize, 2, Builtins::kIllegal, MUTABLE);
+        arguments_string, isolate->initial_object_prototype(),
+        JS_ARGUMENTS_TYPE, JSSloppyArgumentsObject::kSize, 2,
+        Builtins::kIllegal, MUTABLE);
     Handle<JSFunction> function = factory->NewFunction(args);
     Handle<Map> map(function->initial_map());
 
 
@@ -1252,17 +1252,75 @@ void Builtins::Generate_InterpreterEnterBytecodeDispatch(MacroAssembler* masm) {
 }
 
 void Builtins::Generate_CompileLazyDeoptimizedCode(MacroAssembler* masm) {
-  // Set the code slot inside the JSFunction to the trampoline to the
-  // interpreter entry.
-  __ ldr(r2, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset));
-  __ ldr(r2, FieldMemOperand(r2, SharedFunctionInfo::kCodeOffset));
+  // Set the code slot inside the JSFunction to CompileLazy.
+  __ Move(r2, BUILTIN_CODE(masm->isolate(), CompileLazy));
   __ str(r2, FieldMemOperand(r1, JSFunction::kCodeOffset));
   __ RecordWriteField(r1, JSFunction::kCodeOffset, r2, r4, kLRHasNotBeenSaved,
                       kDontSaveFPRegs, OMIT_REMEMBERED_SET, OMIT_SMI_CHECK);
   // Jump to compile lazy.
   Generate_CompileLazy(masm);
 }
 
+static void GetSharedFunctionInfoCode(MacroAssembler* masm, Register sfi_data,
+                                      Register scratch1) {
+  // Figure out the SFI's code object.
+  Label done;
+  Label check_is_bytecode_array;
+  Label check_is_code;
+  Label check_is_fixed_array;
+  Label check_is_pre_parsed_scope_data;
+  Label check_is_function_template_info;
+
+  Register data_type = scratch1;
+
+  // IsSmi: Is builtin
+  __ JumpIfNotSmi(sfi_data, &check_is_bytecode_array);
+  __ Move(scratch1,
+          Operand(ExternalReference::builtins_address(masm->isolate())));
+  __ ldr(sfi_data, MemOperand::PointerAddressFromSmiKey(scratch1, sfi_data));
+  __ b(&done);
+
+  // Get map for subsequent checks.
+  __ bind(&check_is_bytecode_array);
+  __ ldr(data_type, FieldMemOperand(sfi_data, HeapObject::kMapOffset));
+  __ ldrh(data_type, FieldMemOperand(data_type, Map::kInstanceTypeOffset));
+
+  // IsBytecodeArray: Interpret bytecode
+  __ cmp(data_type, Operand(BYTECODE_ARRAY_TYPE));
+  __ b(ne, &check_is_code);
+  __ Move(sfi_data, BUILTIN_CODE(masm->isolate(), InterpreterEntryTrampoline));
+  __ b(&done);
+
+  // IsCode: Run code
+  __ bind(&check_is_code);
+  __ cmp(data_type, Operand(CODE_TYPE));
+  __ b(eq, &done);
+
+  // IsFixedArray: Instantiate using AsmWasmData,
+  __ bind(&check_is_fixed_array);
+  __ cmp(data_type, Operand(FIXED_ARRAY_TYPE));
+  __ b(ne, &check_is_pre_parsed_scope_data);
+  __ Move(sfi_data, BUILTIN_CODE(masm->isolate(), InstantiateAsmJs));
+  __ b(&done);
+
+  // IsPreParsedScopeData: Compile lazy
+  __ bind(&check_is_pre_parsed_scope_data);
+  __ cmp(data_type, Operand(TUPLE2_TYPE));
+  __ b(ne, &check_is_function_template_info);
+  __ Move(sfi_data, BUILTIN_CODE(masm->isolate(), CompileLazy));
+  __ b(&done);
+
+  // IsFunctionTemplateInfo: API call
+  __ bind(&check_is_function_template_info);
+  if (FLAG_debug_code) {
+    __ cmp(data_type, Operand(FUNCTION_TEMPLATE_INFO_TYPE));
+    __ Assert(eq, AbortReason::kInvalidSharedFunctionInfoData);
+  }
+  __ Move(sfi_data, BUILTIN_CODE(masm->isolate(), HandleApiCall));
+
+  __ bind(&done);
+}
+
 void Builtins::Generate_CompileLazy(MacroAssembler* masm) {
   // ----------- S t a t e -------------
   //  -- r0 : argument count (preserved for callee)
@@ -1285,13 +1343,15 @@ void Builtins::Generate_CompileLazy(MacroAssembler* masm) {
   // Is there an optimization marker or optimized code in the feedback vector?
   MaybeTailCallOptimizedCodeSlot(masm, feedback_vector, r4, r6, r5);
 
-  // We found no optimized code.
+  // We found no optimized code. Infer the code object needed for the SFI.
   Register entry = r4;
   __ ldr(entry,
          FieldMemOperand(closure, JSFunction::kSharedFunctionInfoOffset));
+  __ ldr(entry,
+         FieldMemOperand(entry, SharedFunctionInfo::kFunctionDataOffset));
+  GetSharedFunctionInfoCode(masm, entry, r5);
 
-  // If SFI points to anything other than CompileLazy, install that.
-  __ ldr(entry, FieldMemOperand(entry, SharedFunctionInfo::kCodeOffset));
+  // If code entry points to anything other than CompileLazy, install that.
   __ Move(r5, masm->CodeObject());
   __ cmp(entry, r5);
   __ b(eq, &gotta_call_runtime);
@@ -1361,25 +1421,9 @@ void Builtins::Generate_DeserializeLazy(MacroAssembler* masm) {
 
   {
     // If we've reached this spot, the target builtin has been deserialized and
-    // we simply need to copy it over. First to the shared function info.
+    // we simply need to copy it over to the target function.
 
     Register target_builtin = scratch1;
-    Register shared = scratch0;
-
-    __ ldr(shared,
-           FieldMemOperand(target, JSFunction::kSharedFunctionInfoOffset));
-
-    CHECK(r5 != target && r5 != scratch0 && r5 != scratch1);
-    CHECK(r9 != target && r9 != scratch0 && r9 != scratch1);
-
-    __ str(target_builtin,
-           FieldMemOperand(shared, SharedFunctionInfo::kCodeOffset));
-    __ mov(r9, target_builtin);  // Write barrier clobbers r9 below.
-    __ RecordWriteField(shared, SharedFunctionInfo::kCodeOffset, r9, r5,
-                        kLRHasNotBeenSaved, kDontSaveFPRegs,
-                        OMIT_REMEMBERED_SET, OMIT_SMI_CHECK);
-
-    // And second to the target function.
 
     __ str(target_builtin, FieldMemOperand(target, JSFunction::kCodeOffset));
     __ mov(r9, target_builtin);  // Write barrier clobbers r9 below.